I'm developing a small application which involves SQL Server and VB for the front end. My tables have a timestamp as one of the columns. When I write the query directly in SQL, the timestamp field can be skipped. But when the query is written within the VB app, the query returns an error: NOT ENOUGH ARGUMENTS SUPPLIED!!
Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
    com.ConnectionString = "server=.\sqlexpress;Database=mjjsj1;trusted_connection=True;"
    If TextBox1.Text <> "" And TextBox2.Text <> "" And TextBox3.Text <> "" Then
        com.Open()
        cmd = New SqlCommand("insert into BACHELI values(" + TextBox2.Text + "," + TextBox5.Text + "," + TextBox8.Text + ")", com)
        cmd.ExecuteNonQuery()
        com.Close()
    End If
End Sub

THANK YOU
Posted 24-Aug-12 21:22pm
Edited 24-Aug-12 22:52pm
v4
Comments
Mehdi Gholam at 25-Aug-12 2:43am
   
Show your code.
Sharath2790 at 25-Aug-12 3:03am
   
Mehdi Gholam
I've updated the question

1 solution


Solution 1

Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead - it will almost certainly cure your problem at the same time!
 
cmd = New SqlCommand("INSERT INTO Bacheli (mycolumn1, mycolumn2, myColumn3) VALUES (@T1, @T2, @T3)", com)
cmd.Parameters.AddWithValue("@T1", TextBox2.Text)
cmd.Parameters.AddWithValue("@T2", TextBox5.Text)
cmd.Parameters.AddWithValue("@T3", TextBox8.Text)
You will need to rename "mycolumn1" etc. to match your columns, and it would be a good idea to rename the parameters "@T1" and so on to something more sensible as well.
 
While we are on the subject, stop taking VS defaults for names - you may remember today what "TextBox8" holds, but when you come back to make changes in a week's time? Or next month? Always use sensible names instead that describe what it is used for.
Comments
Sharath2790 at 20-Oct-12 1:45am
   
This method can be used in C#????
OriginalGriff at 20-Oct-12 2:31am
   
Yes - and should. Just replace the "New" with "new" and add semicolons to the end of each line:
cmd = new SqlCommand("INSERT INTO Bacheli (mycolumn1, mycolumn2, myColumn3) VALUES (@T1, @T2, @T3)", com);
cmd.Parameters.AddWithValue("@T1", TextBox2.Text);
cmd.Parameters.AddWithValue("@T2", TextBox5.Text);
cmd.Parameters.AddWithValue("@T3", TextBox8.Text);
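
The difference between the question's concatenated INSERT and the parameterized form in Solution 1, as an added example that is not part of the original thread. It uses Python's sqlite3 module as a stand-in for SQL Server and ADO.NET; the column names, the `stamp` column standing in for the timestamp column, and the sample input are constructed.

```python
import sqlite3

# Constructed stand-in for the BACHELI table: three data columns plus a
# database-filled column playing the role of the timestamp column.
SCHEMA = """CREATE TABLE bacheli (
    name TEXT, qty INTEGER, note TEXT,
    stamp TEXT DEFAULT CURRENT_TIMESTAMP)"""


def insert_concatenated(con, name, qty, note):
    """The question's pattern: values spliced into the SQL text, no column list."""
    sql = "insert into bacheli values(" + name + "," + qty + "," + note + ")"
    con.execute(sql)


def insert_parameterized(con, name, qty, note):
    """The answer's pattern: explicit column list, values bound as parameters."""
    con.execute(
        "INSERT INTO bacheli (name, qty, note) VALUES (?, ?, ?)",
        (name, int(qty), note),  # int() rejects non-numeric quantity text
    )


def try_insert(fn, name, qty, note):
    """Run one insert against a fresh in-memory table; return (rows, error)."""
    con = sqlite3.connect(":memory:")
    con.execute(SCHEMA)
    try:
        fn(con, name, qty, note)
        error = None
    except sqlite3.Error as exc:
        error = str(exc)
    rows = con.execute("SELECT name, qty, note FROM bacheli").fetchall()
    con.close()
    return rows, error


if __name__ == "__main__":
    # Constructed form input: ordinary text with an apostrophe and a comma.
    sample = ("O'Brien", "3", "left, rear")
    for fn in (insert_concatenated, insert_parameterized):
        rows, error = try_insert(fn, *sample)
        print(f"{fn.__name__}: rows={rows} error={error}")
```

With the concatenated form, ordinary text becomes part of the statement and the insert fails; even purely numeric input fails here because three values are supplied for a four-column table with no column list.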

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



Last Updated 25 Aug 2012
Copyright © CodeProject, 1999-2014